Ransomware: What to do if hit by an attack

Not a day goes by we don’t hear about another “ransomware” attack, it seems – including high-profile attacks on a major U.S. oil pipeline and the world’s largest meat processing company.

President Joe Biden pressured Russian President Vladimir Putin to crack down on ransomware attacks to “avoid unnecessary action.”

As the name suggests, ransomware is an attack that locks your computer and demands a ransom to give back your data.

Cybercriminals typically target businesses and governments – in the hopes they’ll pay bounties to release files and perhaps avoid a public relations disaster – but opportunistic crooks also extort money from regular computer users, like you and me. Because hey, it all adds up.

You might sit down to use your laptop or desktop and see an on-screen alert that your computer has been locked or that your files have been “encrypted.” To obtain a decryption key, you must pay up. The ransom demanded from individuals varies greatly, but it's typically a few hundred dollars and must be paid in difficult-to-trace cryptocurrency, such as Bitcoin.

(For businesses, including health care facilities and universities, criminals typically extort $100,000 or more – or else the obtained files will be deleted, sold or published online to humiliate the organization.)

Ransomware is most often a computer program on the other end of the extortion, rather than a live human waiting for you to pay.

What to do?

According to cybersecurity experts, the rule of thumb is not to give in.

Experts say when it comes to ransomware attacks, the rule of thumb is to not give in.

Who's responsible for COVID-19 misinfo?: Lawmakers introduce bill to hold Facebook, Twitter accountable

Summer Games: How to see the Tokyo Olympics in 4K video

“Even if you pay for a ‘decrypter,’ there’s no guarantee you’ll get your files back,” cautions Darren Shou, chief technology officer at NortonLifeLock, a leading cyber safety company. “In fact, paying encourages more criminal activity.”

Shou says criminals hope for an “emotional response” that will quickly put your hand in your pocket. “It’s a scary moment when you realize someone put a lock on your stuff … you’ll often see text is in red, and maybe blinking – it’s scary.”

Ransomware is on the rise, confirms Shou, for both consumers and enterprise companies. NortonLifeLock has seen a 35% increase in the past quarter: 537,137 ransomware detections out of a total of 919 million total cyberthreats blocked by Norton over the past 100 days, Shou says. “Ransomware is big business.”

If you’re attacked, experts suggest disconnecting the computer from the network, such as turning off Wi-Fi. On another device, do an online search to determine the kind of ransomware. Look for information on your hijacked computer screen, and perhaps take a photo as a backup. Sites such as No More Ransom may be able to help by matching your ransomware with a free tool to remove it. Though it may take some trial and error, there are some no-cost decrypters to use (from trusted sources) and run anti-malware software, too.

Or you can bring a locked computer to a trusted technician to attempt to decrypt the files. Best Buy’s Geek Squad offers such as service.

Shou advises getting as much information as possible. “Report the crime,” he says, “as it helps law enforcement and investigators try to find the perpetrators and prevent future attacks,” even if you already paid.

There are cases of “double extortion,” in which the criminals exfiltrated data and kept a copy before the victim paid, then they attacked again by threatening to release private and potentially embarrassing emails, texts or images.

Preventive tips

Smart software and common sense can help minimize the odds of a ransomware attack.

Proactively install anti-malware cybersecurity software on all your devices, and don’t let it expire at the end of the year. NortonLifeLock has various options, starting at $39.99 a year.

Delete suspicious emails and text messages purported to be from your bank, internet service provider (ISP), credit card company and so on. Clicking on a link may take you to a phony site asking for personal information. Phishing scams attempt to “lure” you to an authentic-looking site. Your bank or the IRS will never reach out to you via email and ask you to urgently confirm your personal or financial details. Never click on email attachments you didn't expect.

Download apps (programs) only from trusted sources, such as the Microsoft Store (for Windows 10), the Mac App Store (for Mac users), App Store (iPhone, iPad) or Google Play for Android devices and Chromebooks.

Keep apps and operating systems fully updated; where possible, set to auto-update, so you don’t have to remember to do it. “Just as we need to do regular maintenance on our cars and homes, we also have to do device maintenance, such as keeping software up to date,” Shou says.

Make sure the devices you have on your network, such as a wireless printer or router, are also updated with the latest software ( “firmware”).

Finally, regular backups are critical, whether it’s an offline solution (such as an inexpensive external hard drive, solid state drive or even a thumb drive) or an online cloud service (iCloud, Google Drive, Dropbox and so on) or both. Backups protect your files in the event of a ransomware attack (or other kinds of malware), as well as theft, fire or flood or a power surge that fries your hard drive.

Follow Marc on Twitter for his “Tech Tip of the Day” posts: @marc_saltzman. Email him or subscribe to his Tech It Out podcast at https://marcsaltzman.com/podcasts.

This article originally appeared on USA TODAY: Ransomware: Tips on what to do if you get hit by an attack